<?php
// Direct-access guard: stop immediately unless the SYSTEM_ROOT constant exists.
// Presumably the application's entry script defines it before including this
// module — confirm against the bootstrap. Without the guard, requesting this
// file by URL would run the handlers below outside the application context.
if (defined('SYSTEM_ROOT') === false) {
    die('Insufficient Permissions');
}

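// Show the status message carried in the ?msg= query parameter as a JS alert.
//
// The value is fully caller-controlled (anyone can craft a link to this page),
// so it must be encoded for the JavaScript-string context it is printed into.
// htmlspecialchars() targets the HTML context: it leaves backslashes and line
// breaks untouched, and with its default flags before PHP 8.1 it does not
// escape single quotes, so it cannot safely delimit a '...' literal inside
// <script>. json_encode() with the JSON_HEX_* flags yields a complete, quoted
// JS string literal with <, >, &, ' and " emitted as \uXXXX escapes.
if (isset($_GET['msg']) && is_string($_GET['msg'])) {
    // Read the same superglobal that was checked; $_REQUEST may be overridden
    // by POST or cookie data depending on request_order.
    // Non-string input (array-style parameters) is ignored instead of being
    // passed on to an encoder that expects a string.
    $msgLiteral = json_encode(
        $_GET['msg'],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );

    // json_encode() returns false for input that is not valid UTF-8; print
    // nothing in that case rather than an unencoded value.
    if ($msgLiteral !== false) {
        echo '<script>alert(' . $msgLiteral . ');</script>';
    }
}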

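// Handle the two record-creating actions of the expense module:
//   ?cast -> insert a record whose `mode` comes from the POSTed form
//   ?save -> insert a record with the fixed mode '存入'
// Both actions share the same validation and INSERT, so they run through one
// code path; 'cast' takes precedence when both parameters are present.
//
// NOTE(review): these actions change state, but no anti-CSRF token check is
// visible in this file — confirm the including framework enforces one.
$isCast = isset($_GET['cast']);
if ($isCast || isset($_GET['save'])) {
    // Non-string POST values (array-style parameters) are treated as missing
    // instead of being handed to strip_tags(), which raises a TypeError on PHP 8.
    $rawMode   = (isset($_POST['mode']) && is_string($_POST['mode'])) ? $_POST['mode'] : '';
    $rawSum    = (isset($_POST['sum']) && is_string($_POST['sum'])) ? $_POST['sum'] : '';
    $rawRemark = (isset($_POST['remark']) && is_string($_POST['remark'])) ? $_POST['remark'] : '';

    // NOTE(review): addslashes() is not aware of the connection character set,
    // so it is a weak substitute for driver-level escaping. If the $m database
    // wrapper offers prepared statements or its own escaping routine, the two
    // string fields should go through that instead — verify against its class.
    $mode   = $isCast ? addslashes(strip_tags($rawMode)) : '存入';
    $remark = addslashes(strip_tags($rawRemark));
    $sum    = trim($rawSum);

    // `money` is interpolated into the statement without quotes, so accept
    // only a plain decimal literal (optional sign, fraction and exponent).
    // is_numeric() alone is looser: it tolerates surrounding whitespace and,
    // on PHP 5, hexadecimal notation. The /D modifier stops `$` from matching
    // before a trailing newline.
    $sumIsValid = preg_match('/^[+-]?(?:\d+(?:\.\d+)?|\.\d+)(?:[eE][+-]?\d+)?$/D', $sum) === 1;

    // empty() also rejects the literal "0", so zero amounts are refused.
    if (empty($mode) || empty($sum) || !$sumIsValid) {
        Redirect('index.php?mod=expense&msg='.urlencode('输入信息不正确，请重试！'));
    } else {
        global $m;
        $time = time();
        // UID, DB_NAME and DB_PREFIX are constants defined outside this file.
        $m->query("INSERT INTO `".DB_NAME."`.`".DB_PREFIX."record` (`id`,`uid`,`mode`,`money`,`remark`,`date`) VALUE (NULL,".UID.",'{$mode}',{$sum},'{$remark}',$time)");
        // NOTE(review): the result of query() is not checked, so the success
        // message is shown even if the INSERT failed — confirm how $m reports errors.
        Redirect('index.php?mod=expense&msg='.urlencode('该笔记录添加成功！'));
    }
}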

?>